How We See It

Security News

Atlanta mayor Keisha Bottoms said on Thursday, March 22, that hackers attacked the city’s network system and encrypted data. The details are somewhat slim for now, but hackers reportedly used the SamSam ransomware and demand around $51,000 in Bitcoin to unlock the city’s seized computers. Atlanta is currently working with the Department of Homeland Security, the FBI, Microsoft, and Cisco cybersecurity officials to determine the scope of the damage and regain control of the data held hostage.

The company announced Tuesday that it has been acquired by Amazon and would be joining the Amazon Web Services (AWS) family. Founded in 2012, Sqrrl has raised more than $28 million in funding, including $12.3 million in June 2017 and $7 million in February 2015.

NEW YORK (Reuters) - The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an “urgent public safety issue,” FBI Director Christopher Wray said on Tuesday as he sought to renew a contentious debate over privacy and security. The Federal Bureau of Investigation was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency’s work, Wray said during a speech at a cyber security conference in New York.

McAfee and Skyhigh Networks today announced a definitive agreement to combine businesses, with McAfee acquiring Skyhigh Networks for an undisclosed amount. The move comes less than eight months after McAfee established itself as one of the world’s leading pure-play cybersecurity companies, dedicated to being the preferred cybersecurity partner to customers.

Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of cloud-enabled security and data protection solutions, today announced that it has entered into an agreement to be acquired by leading private equity investment firm Thoma Bravo, LLC. in an all-cash transaction valued at $1.6 billion.

About 57 million people who use Uber had their personal data swiped by hackers last year, an attack that Uber's top security chief tried to hide for the past 13 months. Bloomberg News reporter Eric Newcomer disclosed the hack today, which led to the resignation of Uber Chief Security Officer Joe Sullivan and his deputy, Craig Clark. Both concealed the October 2016 hack and were asked to resign by Uber CEO Dara Khosrowshahi, the report said.

Cisco (NASDAQ: CSCO) and BroadSoft (NASDAQ: BSFT) today announced a definitive agreement for Cisco to acquire publicly-held BroadSoft, Inc., headquartered in Gaithersburg, MD. Pursuant to the agreement, Cisco will pay $55 per share, in cash, in exchange for each share of BroadSoft, or an aggregate purchase price of approximately $1.9 billion net of cash, assuming fully diluted shares including conversion of debt. The acquisition has been approved by the board of directors of each company.

The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

Guess whose database was hacked, exposing sensitive information that could be used for illegal profit, but who failed to disclose that information to the public in a timely manner? If you picked Equifax, which disclosed a breach on Sept. 7 that resulted in the theft of personal financial information of as many as 143 million Americans, you would only be half right.

Montgomery County, Alabama, the victim of a ransomware attack that began last week, paid hackers a ransom of up to $50,000 to retrieve stolen data, county officials confirmed to FOX Business on Monday. “Montgomery County’s IT Director, Lou Ialacci, said his team worked tirelessly to retrieve the data, but ultimately the county had to pay the ransom in order to retrieve the 60-70 terabytes of data. We paid half Saturday and received half of the data and then paid the remaining on Sunday,” a spokesperson for the Montgomery County Commission said in a statement to FOX Business.

Antivirus firm Avast has admitted inadvertently distributing a trojanised version of CCleaner, a popular PC tune-up tool, for nearly a month, infecting an estimated 2.27 million users. Cisco Talos discovered that servers distributing the program were leveraged to deliver malware to unsuspecting victims.

Massachusetts Senator Elizabeth Warren and 11 other Democratic senators introduced a bill this week that could give people the ability to freeze their credit for free. Warren also announced that she's sent letters to the country's three biggest credit reporting firms (Equifax, TransUnion, and Experian), the FTC, the Consumer Financial Protection Bureau, and the Government Accountability Office in an effort to kickstart an investigation into Equifax's monumental data breach that affected more than 140 million Americans.

The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.

China has set up its first “commercial” quantum network in its northern province of Shandong, state media said, the country’s latest step in advancing a technology expected to enable “hack proof” communications. China touts that it is at the forefront of developing quantum technology. In August it said it sent its first “unbreakable” quantum code from an experimental satellite to the Earth. The Pentagon has called the launch of that satellite a year earlier a “notable advance”.

Syringe pumps used in hospitals around the world have flaws hackers could exploit to change the dosages being delivered to patients. Security researcher Scott Gayou found eight separate flaws in the MedFusion 4000 pump made by Smiths Medical. His discovery led the US Department of Homeland Security (DHS) to issue a warning about the danger this posed. Smiths plans to fix devices by early 2018 and said it was "highly unlikely" any hackers would exploit the flaws.

Over the past decade, Bluetooth has become almost the default way for billions of devices to exchange data over short distances, allowing PCs and tablets to transfer audio to speakers and phones to zap pictures to nearby computers. Now, researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.

Data leaks have become so commonplace that it’s easy to become numb to them, but credit reporting service Equifax announced a doozy today that when all is said and done could involve 143 million consumers. This is bad. It was a treasure trove of information for the bad guys out there and included Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. As though that weren’t bad enough, 209,000 people had their credit card info leak and the breach also included dispute documents with personally identifying information from 182,000 consumers.

Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

A list of login credentials for home routers and more than 1,700 internet of things (IoT) devices has been published on Pastebin. The list contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open Telnet servers as of the end of last week. Victor Gevers, chairman of the GDI Foundation, told Ars Technica that out of those, 1,774 remain accessible using the credentials.

Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies.

In what reads like science fiction becoming reality, researchers at the University of Washington have been able to successfully infect a computer with malware coded into a strand of DNA. In order to see if a computer could be compromised in that way, the team included a known security vulnerability in a DNA-processing program before creating a synthetic DNA strand with the malicious code embedded. A computer then analyzed the “infected” strand, and as a result of the malware in the DNA, the researchers were able to remotely exploit the computer.

Malware which has the ability to take down a city's electrical and power grid has been detected. Named 'Industroyer', the malware was identified after an attack on Kiev in 2016 and analysis by ESET of the malware has found that it is capable of controlling electricity substation switches and circuit breakers directly.

An invasive form of malware believed to be attached to a Chinese firm could spell "global catastrophe," according to the cybersecurity firm that discovered it. The software has the power to gain near-complete control of targets, including spying on files.

A cybersecurity attack that hit most Chipotle restaurants allowed hackers to steal credit card information from customers, the burrito chain confirmed. The company first acknowledged the breach on April 25. But a blog post on Friday revealed the kind of malware used in the attack and the restaurants that were affected.

It took only one attempt for Russian hackers to make their way into the computer of a Pentagon official. But the attack didn’t come through an email or a file buried within a seemingly innocuous document.

Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they’ll need to keep their jobs as their employers move more and more resources to public cloud providers.

If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to “continue to Google Docs.” But this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.

We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously.

The chief executive of email unsubscription service Unroll.me has said he is “heartbroken” that users felt betrayed by the fact that his company monetizes the contents of their inbox by selling their data to companies such as Uber.

A group of hackers is allegedly trying to extort Apple by holding Apple customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.

Microsoft's wide range of online services suffered a second outage this month. Services like Xbox Live, Outlook.com, Skype, OneDrive, and Microsoft’s Windows Store prevented users from signing into accounts for nearly two hours today. The Verge tested a number of accounts, and can confirm that services were experiencing widespread issues.

Many Windows 10 users are unknowingly sending the contents of every keystroke they make to Microsoft due to an enabled-by-default keylogger. This function has been around since the beginning of Windows 10, and is a prime example of why you should never go through the default install process on any Operating System.

WikiLeaks has promised to release software code of CIA hacking tools to tech firms. The promise from chief Wikileaker Julian Assange - now ensconced in Ecuador's London embassy for four and a half years - came on Thursday during an internet-streamed press conference on Vault 7, its recent CIA cyber-weapons documents dump.